Hi Soenke,
The website is again up, that is what I'm looking for:
*
Adds protection against newline attacks to mail()
*
Unfortunately, there is no package for debian sarge, but it is worth to
compile it.
Thank you for the answer!
Carlos.
En/na Soenke Ruempler - NorthClick ha escrit:
> Hi Carlos,
>
> Carlos Acedo <mailto:carlos@pangea.org> wrote on Tuesday, May 22, 2007 12:36
> PM:
>
>> My server is being used by spammers who inject mail headers in php
>> scripts to send spam, I have tried mod-security to block those
>> injections but still remains.
>>
>> Is there a way to block this php header injections once for all?
>> I've been thinking about suPHP, but this will only tell me
>> where is the
>> 'hole'
>>
>> Any solution?
>
> Use suhosin protection, it has email spam protection as it doesn't allow
> newlines in headers:
>
> # apt-get install php5-suhosin
>
> Unfortunately the website suhosin.org is down atm - however if up again:
>
> http://www.hardened-php.net/suhosin/index.html
>